// write student record
$query = "INSERT INTO Student (SLastName, SFirstName, SeMail, SGrade, SPhone, SCell, SLunch)".
" VALUES ($LastName, $FirstName, $email, $grade, $phone, $cell, $lunch)";
echo $query . '<br />';
$result = mysql_query($query);
if (!$result)
die("Error inserting Student record: ". mysql_error());
INSERT INTO Student (SLastName, SFirstName, SeMail, SGrade, SPhone, SCell, SLunch)
VALUES (Weiner, Wendy, somemail@gmail.com, 12, 2123334444, 8458765555, 5)
错误:您的SQL语法出错;查看与您的MySQL服务器版本对应的手册,以便在第1行“@ gmail.com,12,2123334444,8458765555,5”附近使用正确的语法
服务器版本:5.0.91-community
答案 0 :(得分:1)
您正在邀请little Bobby Tables访问,方法是使用在SQL查询中未转义的用户提供的数据。
使用mysql_real_escape_string来确认输入,或使用PDO做得更好。
答案 1 :(得分:1)
不应该是
INSERT INTO Student (SLastName, SFirstName, SeMail, SGrade, SPhone, SCell, SLunch)
VALUES (Weiner, Wendy, 'somemail@gmail.com', 12, 2123334444, 8458765555, 5)
我。即电子邮件地址用引号?
答案 2 :(得分:0)
您需要在引号中包含您的值:
$query = "INSERT INTO Student (SLastName, SFirstName, SeMail, SGrade, SPhone, SCell, SLunch)". " VALUES ('$LastName','$FirstName','$email', '$grade', '$phone', '$cell', '$lunch')";